d4ba6430996fb4021241efc97c607504_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d4ba6430996fb4021241efc97c607504_JaffaCakes118
Size

641KB
MD5

d4ba6430996fb4021241efc97c607504
SHA1

f2166b7045d3d6dd1b905e21486afe9eb9fd6e1b
SHA256

22ac3c11b2ac05981ede405380952aa481ad850b97da51605a7ee425e25c5c02
SHA512

f02aa1a872bf7db5ac2dfe51e45df7b7c64e3c1334a6a4e13a02b616393b4a6679efb4b69a44ce29446203a671ec24f0bfa2a8436cfd5f587284d970e7cb4b1a
SSDEEP

12288:vxLVimrHLQn1gX6VnSGwGSnFnpmBfpIiwWDljTTKI:vxLVimrsn68ynFnpsdwUjTuI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4ba6430996fb4021241efc97c607504_JaffaCakes118

Files

d4ba6430996fb4021241efc97c607504_JaffaCakes118
.exe windows:5 windows x64 arch:x64

ad491cb623a76ba66a2269fa3bfb23d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CryptExportKey
CryptAcquireContextW
CryptReleaseContext
CryptEnumProvidersW
CryptGetProvParam
LookupPrivilegeNameW
OpenProcessToken
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateProcessWithLogonW
SetServiceObjectSecurity
BuildSecurityDescriptorW
QueryServiceObjectSecurity
LookupAccountSidW
DuplicateTokenEx
AllocateAndInitializeSid
FreeSid
ConvertSidToStringSidW
CloseServiceHandle
DeleteService
OpenSCManagerW
OpenServiceW
StartServiceW
ControlService
EnumServicesStatusExW
CryptGetKeyParam
CryptDestroyKey
CryptGetUserKey
CredFree
CredEnumerateW
ImpersonateLoggedOnUser
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RevertToSelf
CreateServiceW
DeregisterEventSource
ReportEventW
RegisterEventSourceW

user32

MessageBoxW
WaitForInputIdle
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
PostThreadMessageW

secur32

GetUserNameExW

crypt32

CertOpenStore
CertEnumCertificatesInStore
CryptAcquireCertificatePrivateKey
PFXExportCertStoreEx
CertEnumSystemStore
CertGetCertificateContextProperty
CertCloseStore
CertAddCertificateContextToStore
CertFreeCertificateContext
CertGetNameStringW

shlwapi

PathCombineW
PathIsRelativeW
PathCanonicalizeW

wtsapi32

WTSCloseServer
WTSFreeMemory
WTSEnumerateProcessesW
WTSOpenServerW
WTSEnumerateSessionsW

kernel32

GetConsoleCP
GetConsoleMode
HeapSize
CompareStringW
SetEnvironmentVariableA
WriteConsoleW
CreateFileA
SetEndOfFile
GetProcessHeap
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
WriteFile
CreateFileW
FlushFileBuffers
CloseHandle
GetLastError
LoadLibraryW
SetLastError
GetProcAddress
WaitForSingleObject
GetModuleHandleW
CreateRemoteThread
OpenProcess
VirtualFreeEx
VirtualAllocEx
ReadProcessMemory
VirtualProtectEx
VirtualProtect
WriteProcessMemory
GetNativeSystemInfo
ConnectNamedPipe
CreateNamedPipeW
ReadFile
DisconnectNamedPipe
GetCurrentProcess
CreateProcessW
IsBadReadPtr
TerminateProcess
Process32FirstW
Module32FirstW
Process32NextW
CreateToolhelp32Snapshot
Module32NextW
LocalFree
FormatMessageW
GetVersionExW
GetCurrentDirectoryW
GetComputerNameExW
Thread32First
TerminateThread
Thread32Next
OpenThread
SuspendThread
ResumeThread
SetConsoleTitleW
CreateJobObjectW
AssignProcessToJobObject
GetProcessId
DuplicateHandle
TerminateJobObject
SetConsoleCursorPosition
GetStdHandle
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
RtlVirtualUnwind
GetCurrentThreadId
GetVersion
MultiByteToWideChar
GetFileType
WideCharToMultiByte
GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
GetCommandLineW
ExitProcess
HeapReAlloc
GetSystemTimeAsFileTime
RaiseException
RtlPcToFileHeader
GetCPInfo
RtlLookupFunctionEntry
RtlUnwindEx
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
HeapSetInformation
HeapCreate
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
SetHandleCount
GetStartupInfoW
SetFilePointer
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
GetUserDefaultLCID
GetLocaleInfoW

Sections

.text
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 54KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad491cb623a76ba66a2269fa3bfb23d3

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

user32

secur32

crypt32

shlwapi

wtsapi32

kernel32

Sections

.text Size: 356KB - Virtual size: 356KB

.rdata Size: 168KB - Virtual size: 168KB

.data Size: 54KB - Virtual size: 72KB

.pdata Size: 16KB - Virtual size: 16KB

.rsrc Size: 29KB - Virtual size: 28KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 356KB - Virtual size: 356KB

.rdata
Size: 168KB - Virtual size: 168KB

.data
Size: 54KB - Virtual size: 72KB

.pdata
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 9KB - Virtual size: 8KB